From 373298430be766c9a8803f98bafde3c3ca0f08bd Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 26 Jul 2023 16:31:22 -0400
Subject: [PATCH 1/2] only run iptables-restore if config file is valid
---
 salt/firewall/init.sls | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index f59a39aca..e4255ebbf 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -23,6 +23,10 @@ disable_firewalld:
 iptables_restore:
 cmd.run:
 - name: iptables-restore < /etc/sysconfig/iptables
+ - require:
+ - file: iptables_config
+ - onlyif:
+ - iptables-restore --test /etc/sysconfig/iptables
 enable_firewalld:
 service.running:
From bc182c1c431a74d71b96e345c56a17c4a9eccf11 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 27 Jul 2023 09:24:41 -0400
Subject: [PATCH 2/2] only run firewalld states if os_family is RedHat
---
 salt/firewall/init.sls | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index e4255ebbf..5ab028989 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -13,12 +13,14 @@ iptables_config:
 - source: salt://firewall/iptables.jinja
 - template: jinja
+{% if grains.os_family == 'RedHat' %}
 disable_firewalld:
 service.dead:
 - name: firewalld
 - enable: False
 - require:
 - file: iptables_config
+{% endif %}
 iptables_restore:
 cmd.run:
@@ -28,6 +30,7 @@ iptables_restore:
 - onlyif:
 - iptables-restore --test /etc/sysconfig/iptables
+{% if grains.os_family == 'RedHat' %}
 enable_firewalld:
 service.running:
 - name: firewalld
@@ -35,6 +38,7 @@ enable_firewalld:
 - onfail:
 - file: iptables_config
 - cmd: iptables_restore
+{% endif %}
 {% else %}
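Review bot: With the new `onlyif` in the `@@ -23,6 +23,10 @@` hunk, an invalid /etc/sysconfig/iptables makes `iptables_restore` a skipped state rather than a failed one. The `onfail: - cmd: iptables_restore` on `enable_firewalld` (visible in the second patch) would then presumably not fire, and the host keeps whatever ruleset was already loaded with no error reported. Validating at write time keeps the failure visible: add `- check_cmd: iptables-restore --test` to the `iptables_config` file.managed state so a bad render fails that state and is never written, and keep only the `require` on `iptables_restore`. The `iptables_config` state is only partly visible in these hunks, so confirm it does not already set a check. The test also passes the file as an argument while the restore reads it from stdin; using one form for both makes sure the two commands parse the same input.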
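Review bot: The two `{% if grains.os_family == 'RedHat' %}` guards in the second patch (around `disable_firewalld` in the `@@ -13,12 +13,14 @@` hunk and around `enable_firewalld` in the next one) carry no comment explaining why firewalld is handled only on that family. On other families the `onfail` fallback disappears along with them, and nothing in the visible hunks replaces it. I would add a Jinja comment above the first guard, `{# firewalld is only managed on RedHat-family minions; elsewhere there is no fallback if iptables_restore fails #}`. Defining the condition once, e.g. `{% set manage_firewalld = grains.os_family == 'RedHat' %}`, would keep the two guards from drifting apart. The closing `{% endif %}` of the second guard sits in the last hunk, which may continue past what is shown.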